17:00:03 #startmeeting openstack security group
17:00:03 Meeting started Thu Dec 11 17:00:03 2014 UTC and is due to finish in 60 minutes. The chair is tkelsey. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:04 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:07 The meeting name has been set to 'openstack_security_group'
17:00:10 #topic rollcall
17:00:19 o/
17:00:24 o/
17:00:27 o/
17:00:33 o/
17:00:38 Sorry I'm in another unavoidable meeting today. Damned customers with their wanting to give money for the things
17:00:39 hey OSSG folks, im chairing this one again, hyakuhei is a busy busy man
17:00:43 ^
17:00:51 present
17:01:27 so anyone got anything specific they want to bring up this meeting?
17:01:48 i wanted to give a brief status update on the progress of the sahara security docs
17:02:10 elmiko: ok awesome, should be interesting
17:02:35 just give it a min for folks to join
17:02:47 np
17:03:24 i guess we will start with your update then elmiko, if thats ok?
17:03:35 #topic ahara security docs
17:03:41 * sweston slithers in late
17:03:50 damnit sweston!
17:03:51 * ndillon does too
17:03:54 :)
17:03:58 hyakuhei: :-)
17:04:03 * sweston puts on the hat of shame
17:04:04 redrobot: Thanks for poking your head in :)
17:04:15 ok, so..
17:04:27 we've created a bp and spec in the sahara project to cover the doc effort
17:04:31 hyakuhei :)
17:04:31 #topic sahara security docs
17:04:38 elmiko: #link ?
17:04:44 sec
17:05:14 https://blueprints.launchpad.net/sahara/+spec/security-guidelines-doc
17:05:48 with bdpayne's guidance i have been getting up to speed on creating the chapter for the OSSG guide
17:06:04 elmiko: good stuff!
17:06:09 i am going to create a bug against the security-doc project and do the work based on that bug
17:06:41 we've agreed to make "Data Processing" the new chapter 14, and bump the rest by one
17:07:10 so, i'm just in the early phases of doing the writing and i'm learning a little about docbook as i go =)
17:07:22 and, that's about where i'm at
17:07:51 elmiko: sounds really good, is there a review on gerrit for it? or is that to come
17:08:08 tkelsey: still coming, i haven't created the bug or my first patch yet
17:08:20 #link https://blueprints.launchpad.net/sahara/+spec/security-guidelines-doc
17:08:27 #link https://review.openstack.org/139170
17:08:29 elmiko: ok no problem, will look forward to looking over it :)
17:08:43 tkelsey: that is the review for the spec to create the doc
17:08:56 ahh ok i see
17:09:11 we didn't really have an ideal place to create the spec, but both bdpayne and i agreed that we should have something visible to the public for the effort
17:09:28 +1 you sounds good
17:09:32 *yup
17:09:37 Could you have an etherpad with some early ideas?
17:09:39 so, maybe that's something to consider for future improvements to the sec-docs
17:09:49 bpb: i can certainly set one up
17:10:07 elmiko: great
17:10:49 ok, sounds good, thanks elmiko
17:11:01 #topic midterm
17:11:19 so redrobot any update on the geekdom stuff?
17:11:47 yep, let me fish out my notes
17:11:56 redrobot: awesome :)
17:12:40 So Geekdom SF is holding the Racker Rally Room for February 17-26
17:13:00 with additional access to an adjacent room/lounge space called "The Farm"
17:13:06 and also access to the community area
17:13:25 Unfortunately, the Barbican team won't be able to go up to SF for a back-to-back midterm
17:13:48 does barbican have a mid-cycle?
17:13:48 I'm not familiar with the space, but it would be good to get an SF native to go out there and check it out
17:13:53 redrobot: ah thats unfortunate
17:14:12 bknudson yes, we're looking at Austin for our mid-cycle
17:14:22 I know there was a lot of interest in overlapping the two
17:14:47 so we're planning on possibly having some sort of remote collaboration
17:15:09 I still like having them back to back in the calendar
17:15:18 hyakuhei +1
17:15:19 So we can physically be at both without massive travel costs.
17:15:29 hyakuhei: yeah +1
17:16:07 redrobot: what form would a remote collab take? If its not possible to overlap
17:16:21 tkelsey probably Google Hangouts or Vidyo
17:16:43 with plenty of IRC for coordination
17:16:57 what are peoples thoughts on doing that? just for the record (I still think physical would be best of course)
17:17:06 So if there's overlap or virtual collaboration I'm not completely against it
17:17:12 because overall meeting time is reduced
17:17:17 though I have quality concerns
17:17:48 hyakuhei: thats understandable
17:18:32 Maybe one or two joint sessions could be held, using broadcast audio and an etherpad or something
17:19:11 bpb: that might work, im not familiar with doing things like that personally, anyone have any thoughts?
17:19:49 personally I'd prefer physical if possible
17:20:22 dg_ sure, i guess this is thinking about a plan b
17:20:30 tkelsey: The audio would be the difficult part, since it would be hard to pick up discussion. Only a main speaker would work
17:21:32 humm ok, so what are our options here then
17:22:27 a) have the OSSG meetup in austin before/after the barbican meetup, b) have the OSSG Meetup in SF before/after the barbican meetup,
17:22:39 tkelsey: If there's a presentation that would be good for both sessions to hear, then you could have a joint session. Other than that, it wouldn't be practical
17:22:39 c) have the OSSG meetup in SF some other time
17:23:03 bpb: that makes sense
17:23:48 so what do people think about moving our things around to try and sync up?
17:24:54 I think it would be good to nail down some dates. It would make it easier to look for space.
17:25:28 redrobot: agreed, I'm not actually sure how far along arrangements are with this, hyakuhei would know more.
17:26:10 for now I think we need to move on and hyakuhei can bring it up next time
17:26:18 We had talked about mid-February for SF, so I don't think that would change
17:26:35 redrobot: yeah
17:27:01 I was proposing OSSG on Feb 16-20. Then barbican either before (11-13) or after (23-25)
17:27:17 not sure if 5 weekdays were enough for y'all
17:28:25 brb, my dog is doing the potty dance.
17:28:39 humm, seems reasonable, but im not able to make a call on that really. I'll talk to hyakuhei out of bounds and get back to people next time
17:28:57 redrobot: hehe ok
17:29:29 #action tkelsey to talk to hyakuhei about mid-cycle plans
17:29:36 lol
17:30:01 ok, lets move on, sorry that wasn't very conclusive
17:30:35 #topic OSSA metrics calibration
17:30:55 dg_ did you find a moment to send out the OSSA list email?
17:31:28 remind me...
17:32:16 ah, so last meeting we talked about sending out some recent OSSAs and getting interested people to rate them using the DREAD metrics
17:32:23 https://wiki.openstack.org/wiki/Security/OSSA-Metrics
17:32:36 That does sound like something I would be in favour of
17:32:55 I will do that this week :)
17:33:13 dg_ heh ok :)
17:33:53 #topic OSSNs
17:34:18 so anyone have anything interesting to mention on the OSSN front then?
17:34:58 hyakuhei has started https://review.openstack.org/#/c/140009/ OSSN 42 Keystone Scoping
17:35:16 I still have OSSN 38 in review, going to update it after this
17:36:24 ^ review 0042 please :)
17:36:28 looks like this one is new https://bugs.launchpad.net/ossn/+bug/1390124 unless I just missed it last time i looked
17:36:31 Launchpad bug 1390124 in ossn "No validation between client's IdP and Keystone IdP" [Undecided,In progress]
17:37:01 hyakuhei: +1 :)
17:38:50 ok so as normal, input most welcome on notes in review, and please update status in LP if you pick up a bug to prevent doubling up
17:39:20 and i think thats it, unless there is any other OSSN stuff?
17:40:01 Hi All sorry i was late
17:40:33 Hi ANish__ was just about to go to any other business
17:40:46 #topic any other business
17:40:56 Just a heads-up that we've submitted a spec for allowing the volume encryption feature to be used with Barbican https://review.openstack.org/#/c/140144/
17:41:10 #topic barbican
17:41:18 We'd like to get this into kilo. Currently the key is hard coded- it's just a placeholder to test the feature
17:41:32 This was merged before in juno https://review.openstack.org/#/c/94918/ but it got pushed to kilo
17:42:35 i see, interested folks please go review that spec from bpb
17:42:52 tkelsey: thanks
17:44:09 looks like there has been more progress on this https://review.openstack.org/#/c/104001/ as well, good to see
17:44:55 ok, any other barbican topic people would like to discuss?
17:45:06 tkelsey: Anything new on the PyKMIP requirements?
17:45:09 barbican going to be integrated this release?
17:45:37 bpb: nothing yet, patch still in review https://review.openstack.org/#/c/137016/
17:46:39 speaking of PyKMIP, i think i found a minor issue with it pertaining to the barbican tests and py2.7.8+
17:46:53 elmiko: oh?
17:47:04 lemme grab the link, sec
17:47:16 elmiko: ok, thanks for the heads up!
17:47:20 https://github.com/OpenKMIP/PyKMIP/pull/5
17:47:36 i came across it while running the barbican tests on my rawhide box
17:47:57 this PR will solve the issue, but i'm not sure if it's the most appropriate
17:48:57 elmiko: ah i see, interesting
17:49:19 i wanted to talk with the authors to see if maybe changing the defaults for cert/key files might be better
17:49:37 but i figured, might as well propose this, then we can argue =)
17:50:09 sure hehe
17:50:42 have you had any contact back yet?
17:50:49 bknudson we're working towards integration, but if this happens https://review.openstack.org/#/c/138504/ then "integrated" may not even be a thing. :-\
17:50:53 not yet, but i just messaged rellerreller earlier today
17:51:16 elmiko: ok awesome, thanks for this, good stuff
17:52:05 OK, 10 mins people
17:52:14 redrobot: thanks! seems to be a moving target
17:52:28 #link https://etherpad.openstack.org/p/sahara-security-guide-notes
17:52:38 elmiko: cool :)
17:52:40 just to close the loop, i set that up for the notes on the sec guide
17:52:48 i'll start posting soon(TM) ;)
17:52:57 hehe :) good stuff
17:53:11 elmiko: Thanks!
17:53:41 ok, any final business?
17:55:20 i'll take that as a no then :) thanks for attending all
17:55:31 #endmeeting